Skip to content
AM

Quickstart: Cursor and other IDE clients

Use a remote streamable-HTTP configuration when your IDE can attach static headers. Use a local stdio bridge when it cannot. In both cases, the current InBlack MCP surface requires an already-issued ZITADEL bearer token and explicit tenant context.

Required values

URL: https://ai-coo.inblack.app/mcp
Authorization: Bearer <zitadel-access-token>
X-Tenant-ID: <tenant-id>

The bearer token expires and must be replaced. Store it in the client’s supported secret or environment mechanism; do not commit MCP configuration containing a token.

Cursor

Cursor supports project configuration at .cursor/mcp.json and global configuration at ~/.cursor/mcp.json. A remote entry has this shape:

{
"mcpServers": {
"inblack": {
"type": "http",
"url": "https://ai-coo.inblack.app/mcp",
"headers": {
"Authorization": "Bearer ${env:INBLACK_ACCESS_TOKEN}",
"X-Tenant-ID": "${env:INBLACK_TENANT_ID}"
}
}
}
}

Make both environment variables available to the Cursor process before launch. If the installed Cursor release does not resolve headers reliably, use the stdio bridge below.

Zed

Open the Agent Panel’s MCP settings and add a custom remote server, or add this to Zed settings:

{
"context_servers": {
"inblack": {
"url": "https://ai-coo.inblack.app/mcp",
"headers": {
"Authorization": "Bearer <zitadel-access-token>",
"X-Tenant-ID": "<tenant-id>"
}
}
}
}

Zed only starts its standard MCP OAuth flow when no Authorization header is configured. InBlack’s current bearer-token runtime requires the header form shown above.

Stdio bridge fallback

For an IDE that only accepts a local command, use mcp-remote with explicit headers:

{
"mcpServers": {
"inblack": {
"command": "npx",
"args": [
"-y",
"mcp-remote@latest",
"https://ai-coo.inblack.app/mcp",
"--transport",
"http-only",
"--header",
"Authorization:${INBLACK_AUTH_HEADER}",
"--header",
"X-Tenant-ID:${INBLACK_TENANT_ID}"
],
"env": {
"INBLACK_AUTH_HEADER": "Bearer <zitadel-access-token>",
"INBLACK_TENANT_ID": "<tenant-id>"
}
}
}
}

Fit the entry into the IDE’s documented MCP wrapper. Do not remove http-only: the InBlack SSE and messages transports are retired.

Verify

  1. Confirm the server reports active.
  2. List tools and verify the response is tenant-filtered.
  3. Call a T1 read with a small result limit.
  4. Call a simulate tool before testing a write.
  5. Handle INBLACK_CONFIRMATION_REQUIRED and structured INBLACK_* errors.

After changing X-Tenant-ID, restart or reconnect the server and run discovery again. A tenant header selects context but never grants membership.